NVD Vulnerability Detail

CVE-2010-0051

Summary	WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
Summary	Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'WebKit CVE-ID: CVE-2010-0051 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An implementation issue exists in WebKit's handling of cross-origin stylesheet requests. Visiting a maliciously crafted website may disclose the content of protected resources on another website. This update addresses the issue by performing additional validation on stylesheets that are loaded during a cross-origin request.'
Summary	Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'
Publication Date	March 15, 2010, 11:15 p.m.
Registration Date	Jan. 29, 2021, 10:55 a.m.
Last Update	Sept. 19, 2017, 10:30 a.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource	タグ
1	http://code.google.com/p/chromium/issues/detail?id=9877	MISC
2	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	APPLE
3	http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html	APPLE
4	http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html	APPLE	Vendor Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	SUSE
6	http://osvdb.org/62944	OSVDB
7	http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html	MISC
8	http://secunia.com/advisories/41856	SECUNIA
9	http://secunia.com/advisories/42314	SECUNIA
10	http://secunia.com/advisories/43068	SECUNIA
11	http://support.apple.com/kb/HT4070	CONFIRM	Vendor Advisory
12	http://support.apple.com/kb/HT4225	CONFIRM
13	http://support.apple.com/kb/HT4456	CONFIRM
14	http://websec.sv.cmu.edu/css/css.pdf	MISC
15	http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	MANDRIVA
16	http://www.securityfocus.com/bid/38671	BID	Patch
17	http://www.securitytracker.com/id?1023708	SECTRACK
18	http://www.ubuntu.com/usn/USN-1006-1	UBUNTU
19	http://www.vupen.com/english/advisories/2010/2722	VUPEN
20	http://www.vupen.com/english/advisories/2011/0212	VUPEN
21	http://www.vupen.com/english/advisories/2011/0552	VUPEN
22	https://exchange.xforce.ibmcloud.com/vulnerabilities/56837	XF
23	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7554	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

Apple Safari の WebKit における重要な情報を取得される脆弱性

Title	Apple Safari の WebKit における重要な情報を取得される脆弱性
Summary	Apple Safari の WebKit には、スタイルシートのクロスオリジンを適切に検証しないため、重要な情報を取得される脆弱性が存在します。本脆弱性は CVE-2010-0651 と重複している可能性があります。
Possible impacts	巧妙に細工された HTML ドキュメントを介して、重要な情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 15, 2010, midnight
Registration Date	March 26, 2010, 10:26 a.m.
Last Update	Dec. 10, 2010, 2:23 p.m.

Affected System

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5.8

Apple Mac OS X v10.6.1 以降

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6.1 以降

iOS 2.0 から 3.1.3

iOS iOS 3.2 から 3.2.2 (iPad 用)

iOS for iPod touch 2.1 から 3.1.3

iPad

iPhone

iPod touch

Safari 4.0.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0051	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
National Vulnerability Database (NVD)
2	CVE-2010-0051	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0051

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT4070	http://support.apple.com/kb/HT4070
2	HT4225	http://support.apple.com/kb/HT4225
3	HT4456	http://support.apple.com/kb/HT4456
Apple セキュリティアップデート
4	HT4070	http://support.apple.com/kb/HT4070?viewlocale=ja_JP
5	HT4225	http://support.apple.com/kb/HT4225?viewlocale=ja_JP

Change Log

No	Changed Details	Date of change
0	[2010年03月26日] 掲載 [2010年07月13日] 影響を受けるシステム：アップル (HT4225) の情報を追加ベンダ情報：アップル (HT4225) を追加 [2010年12月10日] 影響を受けるシステム：アップル (HT4456) の情報を追加ベンダ情報：アップル (HT4456) を追加	Feb. 17, 2018, 10:37 a.m.